10-01-2018 04:47 AM
When the clients are connecting their Apple devices running iOS 12 to the SSID, they input their credentials on the guest portal and are able to authenticate successfully and get the following message -: " Success! You now have internet access through this network".
But as soon as they try to browse anything on the internet, they automatically get disconnected from the network.
Note -: This issue is only being experienced on Apple devices running IOS 12, rest of the OS and IOS version are working fine.
I checked the compatibility for IOS 12 supported by ISE 2.1, the latest version of IOS support is IOS 11.x by ISE 2.1 -: https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/compatibility/ise_sdt.html
In fact, none of the ISE version provides support for iOS 12.
Is there any bug associated with this?
Or, is there any ETA as to when ISE would support iOS 12?
Solved! Go to Solution.
10-01-2018 10:04 AM
10-02-2018 05:38 AM - edited 10-02-2018 11:50 AM
CSCvm57650 BYOD TLS not working for IOS12 FCS release
We can’t claim support for any release while this bug is open. If you encounter issues please work through development channels
Note: Seen this working in ISE 2.2 & 2.3 problems will arise where not able to use TLS 1.2. iOS 12 needs the ISE portal certificate to be using SHA256 at least.
10-01-2018 10:04 AM
10-02-2018 01:45 AM
Hi Jason,
Thanks for your response.
I am from AAA-TAC only. As i see from the documentation, it does not state that iOS12 is supported by ISE.
So I have two follow up questions -:
1) Should I raise a document bug , requesting them to add Apple iOS 12 under the compatibility guide for ISE?
2) Is there any ETA to officially add support for iOS 12 ?
10-02-2018 05:38 AM - edited 10-02-2018 11:50 AM
CSCvm57650 BYOD TLS not working for IOS12 FCS release
We can’t claim support for any release while this bug is open. If you encounter issues please work through development channels
Note: Seen this working in ISE 2.2 & 2.3 problems will arise where not able to use TLS 1.2. iOS 12 needs the ISE portal certificate to be using SHA256 at least.
10-02-2018 11:59 AM - edited 10-02-2018 11:59 AM
Do you happen to know if this would also impact eap-tls authentications with apple products? And if it applies to all certs in the chain or just the node cert? I just looked at the Digicert High Assurance EV root and it's sha1, the intermediate and issued certs are sha256.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide